package com.hc.comm.interceptor;


import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.alibaba.fastjson.JSON;
import com.hc.comm.utils.ExceptionUtils;
import com.hc.comm.utils.ServletUtil;
import com.hc.comm.utils.XssUtil;



/**
 * xss攻击处理拦截器*
 * 
 * @author 
 * 
 */
public class XssInterceptor extends HandlerInterceptorAdapter {

	private static Logger logger = Logger.getLogger(XssInterceptor.class);

	@Override
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {
		logger.debug("xss拦截器start");
		logger.debug("请求参数:" + JSON
				.toJSONString(ServletUtil.getParameterMap(request, true)));
		boolean valid = XssUtil.filterXss(request);
		logger.debug("请求参数(xss处理之后):"
				+ JSON.toJSONString(ServletUtil.getParameterMap(request, true)));
		logger.debug("xss拦截器end");
		if (!valid) {
			ExceptionUtils.throwBaseException("请求参数包含非法字符!");
		}
		return super.preHandle(request, response, handler);
	}

}


